The warnings about cybersecurity issued this spring were pretty clear. We’re not in a “boy who cried wolf” situation. It’s more like the wolf is right outside the door sniffing around for a way inside. Companies have to get themselves ready for cyberattacks now.
Members of the federal government and the president’s administration have said more than once that attacks from foreign entities are “coming.” Evidently, it’s not an if, but a when. And of course, this new level of threat is just the latest layer on an already thick pile of unsavory entities that want to steal from our companies.
Our hard-earned work and prosperity depend on the integrity of our data. Almost no company is exempt in this regard. Now is the time to make sure our shields are up and running to their fullest capabilities. Adequate protection just requires a little preparation. Let’s keep those wolves at bay.
Shore Up Suppliers
As much as suppliers and vendors make up essential business relationships for many companies, they are also unfortunately a major avenue for cyberthreats. National experts have said “the most logical enemy avenue approach is through vulnerable third parties and the critical supply chain.”
This presents a bit of a challenge, as many businesses cannot directly control security methodologies outside of their own firm. They can, however, stipulate reasonable levels of expected protection and review points throughout their contracting processes. Appropriate levels of cybersecurity can easily be added as a term and condition that all supply chain partners be required to meet.
Collaboration should be formed between contracting companies, suppliers/vendors, and likely cybersecurity professionals as well to establish regular points of review and tracking. Cybercriminals are going to be on the lookout for the most vulnerable points of entry, which is in many cases found among smaller vendor networks. Working together to increase awareness and identify weaknesses in defenses is a great method of protecting businesses.
Without essential data on hand, many companies would face a total shutdown in the event of a breach or seizure. Often, cybercriminals like to ransom this data because they know many companies would have no other choice but to give in to their demands. To prevent this from happening, companies need to back up their data preferably using more than one method. For example, a combination of offline storage and online cloud storage would provide multiple layers of redundancy.
Backing up data should seem like a no brainer in the business world we live in, but it’s not a habit that every company engages with properly. To put it bluntly, there are a lot of companies that really do a poor job backing up their systems.
Information security site Help Net Security reports that 10% of companies do not back up their data at all. The other 90% that do back up their data frequently do so at insufficient intervals. For example, about 41% of them back up their data daily, 28% weekly, and 20% monthly. That leaves quite a bit of gaps where large amounts of valuable information could be lost or stolen without hope of recovery.
In short, it’s very important to establish a regular schedule of complete backups. Create at least two, one in the cloud and one offline locally, and stick to the schedule.
New threats are emerging all of the time and many of them rely on human gullibility to infiltrate systems. Most computer users are capable of spotting obvious scams or virus attempts, but the level of sophistication has only been growing over the last few years. Some of these threats are downright deviously tricky and can fool even the most tech-savvy employees.
Considering the potential for problems here, a regimen of regular training and education is recommended for most companies. Awareness is key. After all, a few lessons are a lot cheaper than hard lessons learned after a major data theft. Consider having your IT department or an outside security consultant routinely inform employees about the latest best practices in data use and threat identification.
Two-factor authentication is a very good practice to instill among all employees that access company data with a password. A staggering number of people use the same password for everything – almost two-thirds of all users. When two-factor authentication is used, the second login credential is randomized. So, in no uncertain terms, this method keeps company data safe from bad employee habits.
It's not very difficult for an individual’s password to become compromised. Without two-factor authentication, this basically gives cybercriminals keys to a company’s entire kingdom. Most employees have somewhere around a dozen login points for various software platforms and websites they need for work. If they are the type of person that doesn’t create unique passwords for each login, they could be a major point of vulnerability. Prevent this by requiring two-factor authentication for every employee login.
Patch and Update
As a final recommendation, companies should act quickly to ensure their software is appropriately up to date. Software patches and updates are released frequently, and although they’re a bit of a chore to maintain, they often contain very important fixes for security vulnerabilities.
Cybercriminals love to exploit these vulnerabilities or even distribute their own malicious, yet authentic-looking software updates designed to trick users. Therefore, it is advisable to delegate this task to IT departments or outside professionals that will install the correct updates when needed and make sure they perform without problems.
Stay One Step Ahead
Cyberattacks are coming, we know that much for sure. To get our companies ready now in earnest is not an alarmist way to behave. It’s the smart move, and in many cases the far cheaper move than taking a reactive position against threats such as these. To put it simply, companies could lose everything to the criminals and foreign governments that hover like wolves around our digital assets. Take steps now to strengthen cyber defenses and keep valuable data out of the hands of enemies.
The White House’s Urgent Cybersecurity Steps for Companies
- Mandate the use of multi-factor authentication.
- Deploy modern security tools on your computers and devices.
- Patch and protect systems against all known vulnerabilities.
- Change passwords across networks.
- Back up data and create offline backups.
- Run emergency drills.
- Encrypt your data.
- Educate your employees on common tactics that attackers will use.
- Engage proactively with your local FBI field office or CISA Regional Office.